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SUPPLEMENTAL SUMMARY OF CLAIMED SUBJECT MATTER 

Sir Or Madam, 

This paper is being filed in response to the Notice of Non-Compliant Appeal Brief under 
37 C.F.R. § 41.37 mailed March 17, 2009, in the above identified application. Pursuant to a 
conversation with Patent Appeal Specialist Tracey M. Young on March 27, 2009, the explanations 
of the subject matter of claims 66 and 67 in the Summary of Claimed Subject Matter (the 
"Summary") have been provided separately in this document. Thus, the Appeal Brief is believed 
to now be in compliance with 37 C.F.R. § 41.37. 
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SUMMARY OF CLAIMED SUBJECT MATTER: 


Herein, a brief introduction is provided to the general concepts covered by the independent 
claims, with reference to the application, to provide some context for, and to render more concise 
the subsequent description of the individual independent claims. 

Aspects of the invention claimed herein are directed to a service provider that provides 
services to client computers, in which a first set of services is provided by a first set of servers 
having a first one-way trust relationship with the client computers and a second set of servers 
having a second one-way trust relationship, opposite the direction of the first one-way trust 
relationship, with the client computers. 

The concept of a one-way trust is now expanded upon with reference to the specification. 
The specification recites that "a trust . . . allows users in one of the sets of computers to access 
resources in another set of computers in a secure way". Specification, page 5, lines 24-25. 
Attention is now directed to page 7 and Figure 2 of the specification. Figure 2 includes 
illustrations of links 221-226 and 231-236 wherein the arrows on the links indicate which forests 
trust other forests. See Specification, page 7, lines 14-15. Moreover, the Specification indicates 
that there are no two-way trusts in the depicted arrangement. See Specification page 7, line 18. 

For example, directing attention to link 232 and the arrow thereon, the specification states 
that forest 207 trusts forest 204 (with the arrow directed toward forest 204), but that forest 204 
does not trust forest 202, which is consistent with the arrow on the link between forests 202 and 
204 being directed away from forest 202 (see specification, page 7, lines 19-20). Thus, the links 
of Figure 2 show one-way trusts with the direction of trust indicated by the arrows on the 
respective links. Hereafter, Mgt./Conf. Forest 204 is referred to as management forest 204. 

It is the trusted entity which is granted secure access to the trusting entity. For example, 
with reference to Figure 2 and to page 8, lines 9-11, client 208 allows management forest 204 to 
access client 208 to provide a software update thereto, which is consistent with link 233 having a 
one-directional trust direction from client 208 to management forest 204. Thus, secure access is 
provided in the direction opposite the direction of the trust direction shown by the arrowed links in 
Figure 2. 


The subject matter can be analogized to the following system, in which the secure access 
is implemented with the typical methodology of requiring a user name and password so the user 
can be authenticated. Consider a terminal connected to a first host computer, wherein the terminal 
has to provide a user name and login password in order to access the first host computer. The first 
host computer provides some services to the terminal. Now consider that there are other services 
provided to the terminal by a different, second, host computer. For these other services, the 
terminal does not log into the second host computer and provide a user name and login password. 
Instead, the second host computer logs into the terminal, and provides to the terminal the user 
name and login of the second host computer . The terminal then receives services from both hosts. 

For purposes of explanation herein, the user terminal logs onto the first host in a secure 
manner to receive services, but the user terminal is logged onto by the second host to receive other 
services. Therefore, each host is connected to the user terminal using back to back secure access 
connections, namely, the connections are secure in opposite directions to one another . 

Claim 40 recites: 

providing a first set of services on a first set of one or more servers of the service provider 
to the plurality of client computers by providing secure access to the first set of one or more 
servers by the plurality of client computers, 

but prohibiting secure access to the plurality of client computers by the first set of one or 
more servers, 

In the aspect of the invention of claim 40, with reference to Figure 2, server forest 202 is 
the first set of one or more servers, and one or more of entities 206-21 1 are the client computers. 
Arrowed links 221-226 identify a one-way trust relationship in which server forest 202 trusts the 
plurality of client computers. Correspondingly, as discussed above, the plurality of client 
computers is provided secure access to the first set of one or more servers. 

Consistent with the above discussion, the one-way character of the trust indicated by 
arrowed links 221-226 operates to prohibit secure access to the plurality of client computers 
206-21 1 by the first set of one or more servers 202. This is consistent with management forest 204 
not trusting service forest 202, as discussed in the specification at page 7, lines 19-20, discussed 
above. 


Claim 40 further recites: 

providing a second set of services on a second set of one or more servers of the service 
provider to the plurality of client computers by providing secure access to the plurality of 
client computers by the second set of one or more servers, 

but prohibiting secure access to the second set of one or more servers by the plurality of 
client computers. 

In the aspect of the invention recited in claim 40, the second set of servers is management 
forest 204 (see Figure 2). In a parallel manner to the discussion of the earlier portion of claim 40 
above, with reference to Figure 2, arrowed links 23 1-236 establish a one-way trust extending from 
client computers 206-21 1 to management forest 204. Consistent with the introductory discussion 
above, this one-way trust corresponds to providing secure access to the plurality of client 
computers 206-21 1 by the second set of one or more servers 204, but prohibiting secure access to 
the second set of one or more servers 204 by the plurality of client computers 206-21 1 . 

Claim 5 1 is directed to a system and closely tracks the language of method claim 40. Claim 
51 recites: 

a first set of one or more servers for providing a first set of services to the plurality of client 
computers by providing secure access to the first set of one or more servers by the plurality 
of client computers, 

but prohibiting secure access to the plurality of client computers by the first set of one or 
more servers; 

With reference to Figure 2, arrowed links 221-226 extend from first of servers 202 to client 
computers 206-21 1, respectively, indicating the existence of one-way trusts between the listed 
entities. Thus, in accordance with the above discussion of trusts and the associated directions in 
which secure access is allowed (see Applicants' specification page 5, lines 23-25), the client 
computers 206-21 1 are provided secure access to the first set of one or more servers, but the first 
set of one or more servers are prohibited from securely accessing the plurality of client computers. 

Claim 5 1 further recites: 

a second set of one or more servers for providing a second set of services to the plurality 
of client computers by providing secure access to the plurality of client computers by the 
second set of one or more servers, 

but prohibiting secure access to the second set of one or more servers by the plurality of 
client computers 


Consistent with the above discussion, and with continuing reference to Figure 2, arrowed 
links 231-236 show the existence of one-way trusts extending from client computers 206-21 1, 
respectively, to management forest 204 (the second set of one or more servers). Thus, the second 
set of one or more servers 204 is provided with secure access to the plurality of client computers 
206-21 1, but client computers 206-21 1 are prohibited from securely accessing the second set of 
one or more servers. 

Claim 62 recites: 

"separating the services provided by the service provider into a first group of services 
provided by a first group of one or more servers of the service provider, and a second group 
of services provided by a second group of one or more servers of the service provider;" 

The separation of services of claim 62 is discussed (a) between 5 line 26 and page 6, line 
3; and (b) on page 8, lines 3-8 and is best understood in relation to Figure 2 where the first group 
of one or more servers corresponds to server forest 202 and the second group of one or more 
servers corresponds to management forest 204. 

Claim 62 further recites: 

"providing the first set of services from the first set of servers through a one-way trust 
connection from the first set of servers to the client computers" 

In the aspect of the invention recited in claim 62, the one-way trust connection is shown by 
any of arrowed links 221-226 extending from server forest 202 to client computers 206-21 1 . 

Claim 62 further recites: 

"providing the second set of services from the second set of servers to the client computers 
through a one-way trust connection from the client computers to the second set of servers" 

A one-way trust connection is shown by any one of arrowed links 23 1-236 extending from 
client computers 206-21 1 to management forest 204 (the second set of servers). 

Since the subject matter of claim 66 and 67 is similar, the language of these claims is 
quoted below, and their features are discussed together thereafter. 


Claim 66 recites: 

enabling a first set of services on a first set of servers of the service provider through a 
one-way trust connection from the first set of servers to the plurality of client computers; 

enabling a second set of services on a second set of servers of the service provider to the 
plurality of client computers through a one-way trust connection from the client computers 
to the second set of servers; and 

providing the first and second sets of services. 

The first and second sets of services are described on page 8, lines 3-8. The one-way trust 
connection from the first set of servers 202 to client computers is shown with arrowed links 
221-226 of Figure 2. The one-way trust connection from the client computers 206-21 1 to the 
second set of servers 204 is shown with arrowed links 231-236 of Figure 2. The general 
explanation of a trust is provided on page 5, lines 24-25 of the specification. The concept of a 
one-way trust is explained on the first page of this Summary document, with reference to the 
specification and the drawings. For the sake of brevity, that discussion is not repeated here. 


Claim 67 recites: 

a first set of servers for providing a first set of services to the plurality of client computers 
through a one-way trust relationship from the first set of servers to the plurality of client 
computers; and 

a second set of servers for providing a second set of services to the plurality of client 
computers through a one-way trust relationship from the plurality of client computers to 
the second set of servers. 

The first and second sets of services are described on page 8, lines 3-8. The one-way trust 
connection from the first set of servers 202 to client computers is shown with arrowed links 
221-226 of Figure 2. The one-way trust connection from the client computers 206-21 1 to the 
second set of servers 204 is shown with arrowed links 231-236 of Figure 2. The general 
explanation of a trust is provided on page 5, lines 24-25 of the specification. The concept of a 
one-way trust is explained on the first page of this Summary document, with reference to the 
specification and the drawings. For the sake of brevity, that discussion is not repeated here. 


CONCLUSION: 


The provision of separate explanations of the subject matter for independent claims 66 and 67 
in the accompanying updated "Summary of Claimed Subject Matter" is believed to place the pending 
Appeal Brief in compliance with the 37 C.F.R. § 41 .37. 

It is believed that no fees are due. However, the Commissioner is hereby authorized to charge 
any further fees believed due from, or credit any overpayment to, our Deposit Account No. 50-471 1 . 

Dated: March 3 1 , 2009 Respectfully submitted, 

By: s/Leslie S. Garmaise/ 
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